United States Patent and Trademark Office 



UNITED STATES DEPARTMENT OF COMMERCE 
I nilid Stall-, Patent and Trademark Office 

Address: COMMISSIONER FOR PATENTS 



APPLICATION NO. 



FILING DATE 



FIRST NAMED INVENTOR 



ATTORNEY DOCKET NO. CONFIRMATION NO. 



I0/667.X52 



09/22/200.1 



45095 7590 12/09/2009 

HOFFMAN WARNICK LLC 
75 STATE ST 
14 FL 

ALBANY, NY 12207 



Bruce Wallman 



CHA920030022I SI 



TOLENTINO, RODERICK 



PAPER NUMBER 



NOTIFICATION DATE | DELIVERY MODE 
12/09/2009 ELECTRONIC 



Please find below and/or attached an Office communication concerning this application or proceeding. 

The time period for reply, if any, is set in the attached communication. 

Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the 
following e-mail address(es): 

PIXX \)ininunications(n 'liolTmamvarnick.coin 



PTOL-90A (Rev. 04/07) 



l/ffflrC? nVrliUli Otfff Iff ids y 


Application No. 

10/667,852 


Applicant(s) 

WALLMAN, BRUCE 


Examiner 

Roderick Tolentino 


Art Unit 

2439 





- The MAILING DATE of this communication appears on the cover sheet with the correspondence address — 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1 )KI Responsive to communication(s) filed on 04 September 2009 . 
2a )□ This action is FINAL. 2b)^ This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) ^ Claim(s) 1,4,5,7-9, 11. 14. 15 and 17-22 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) E3 Claim(s) 1.4-5 7-9. 11. 14. 15 and 17-22 is/are rejected. 

7) 0 Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) Q The specification is objected to by the Examiner. 

10) ^ The drawing(s) filed on 22 September 2003 is/are: a)^ accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

20 Certified copies of the priority documents have been received in Application No. . 

3.Q Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 



Attach ment(s) 

1) ^| Notice of References Cited (PTO-892) 4) □ Interview Summary (PTO-41 3) 

2) □ Notice of Draftsperson's Patent Drawing Review (PTO-948) Paper No(s)/Mail Date. . 

3) □ Information Disclosure Statement(s) (PTO/SB/08) 5 ) □ Notice of Informal Patent Application 

Paper No(s)/Mail Date . 6) □ Other: . 



PTOL-T26 d (Rev e 08-06r 



Office Action Summary 



Part of Paper No./Mail Date 20091201 



Application/Control Number: 10/667,852 Page 2 

Art Unit: 2439 

DETAILED ACTION 

1. Claims 1, 4, 5, 7 - 9, 11, 14, 15 and 17 - 22 are pending. 

Response to Arguments 

2. Applicant's arguments with respect to claim 1 have been considered but are moot 
in view of the new ground(s) of rejection. 



Claim Rejections - 35 USC § 103 

3. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically teachd or described as set forth 
in section 102 of this title, if the differences between the subject matter sought to be patented and the 
prior art are such that the subject matter as a whole would have been obvious at the time the invention 
was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

4. Claims 1 , 4, 7 - 9, 1 1 , 14 and 17 - 22 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Ramachandran et al. U.S. PG-Publication No. (2003/0084343) 
in view of Hay U.S. PG-Publication No. (2002/0120868). 

5. As per claim 1 , Ramachandran teaches a logical security system for processing 
login and password data received from a client device during a server session with the 
Internet server in order to authenticate a logged in user (Ramachandran, Paragraph 
0009, login a user session with password) but fails to teach a physical security system 
for processing Internet protocol (IP) address information of the client device at the 
Internet server in order to authenticate the client device for the duration of the server 
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session, and a memory system for storing, at the Internet server, a list of each logged in 
user and a reference IP address collected during a login procedure, wherein the logical 
security system is configured to access the list to authenticate the logged in user, and 
wherein the physical security system is configured to separately access the list in order 
to authenticate the client device, wherein the physical security system includes a proxy 
server module for comparing only a portion of an IP address obtained from a received 
message against only a like portion of the reference IP address for the logged in user. 
However, in an analogous art Hay teaches a physical security system for processing 
Internet protocol (IP) address information of the client device at the Internet server in 
order to authenticate the client device for the duration of the server session (Hay, 
Paragraph 0012, IP Address to authenticate a user) and a memory system for storing, 
at the Internet server, a list of each logged in user and a reference IP address collected 
during a login procedure, wherein the logical security system is configured to access the 
list to authenticate the logged in user, and wherein the physical security system is 
configured to separately access the list in order to authenticate the client device (Hay, 
Paragraph 0012, List of authorized IP Addresses) and wherein the physical security 
system includes a proxy server module for comparing only a portion of an IP address 
obtained from a received message against only a like portion of the reference IP 
address for the logged in user (Hay, Paragraph 0012, comparing to see if the IP 
address is an authorized IP address, portion is interpreted to be the entire address). 

At the time the invention was made, it would have been obvious to a person of 
ordinary skill in the art to use Hay's method for dynamic server provisioning with 
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Ramachandran's one protocol wed access to usage data in a data structure of a usage 
based licensing server because it offers the advantage of ensuring that a user cannot 
maliciously alter data/server (Hay, Paragraph 0008). 

6. As per claim 4, Ramachandran as modified teaches the physical security system 
terminates the session for the user if the portion of the IP address obtained from the 
received message does not match the like portion of the reference IP address for the 
logged in user (Hay, Paragraph 0012, log error if IP is not authorized). 

7. As per claim 7, Ramachandran teaches storing in a memory system, at the 
Internet server associated login data whenever a new server session is initiated on the 
Internet server from a client device (Ramachandran, Paragraph 0009, login a user 
session with password) but fails to teach a reference IP address and receiving a 
message from a requesting user at the Internet server; obtaining login data 
accompanying the message; obtaining an IP address from a message header in the 
message, determining if the login data of the requesting user is currently listed in the 
memory system as an existing session with the Internet server and if the login data of 
the requesting user is currently listed, determining at the Internet server if the IP 
address from the received message matches the reference IP address associated with 
the login data of the requesting user, the determining of the IP address including 
examining only a portion of the IP address of the requesting user and determining if the 
portion matches only a like portion of the reference IP address. However, in an 
analogous art Hay teaches a reference IP address and receiving a message from a 
requesting user at the Internet server, obtaining login data accompanying the message; 
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obtaining an IP address from a message header in the message (Hay, Paragraph 0012, 
IP Address to authenticate a user) and determining if the login data of the requesting 
user is currently listed in the memory system as an existing session with the Internet 
server (Hay, Paragraph 001 2, List of authorized IP Addresses) and if the login data of 
the requesting user is currently listed, determining at the Internet server if the IP 
address from the received message matches the reference IP address associated with 
the login data of the requesting user (Hay, Paragraph 0012, List of authorized IP 
Addresses), the determining of the IP address including examining only a portion of the 
IP address of the requesting user and determining if the portion matches only a like 
portion of the reference IP address (Hay, Paragraph 0012, comparing to see if the IP 
address is an authorized IP address, portion is interpreted to be the entire address). 

At the time the invention was made, it would have been obvious to a person of 
ordinary skill in the art to use Hay's method for dynamic server provisioning with 
Ramachandran's one protocol wed access to usage data in a data structure of a usage 
based licensing server because it offers the advantage of ensuring that a user cannot 
maliciously alter data/server (Hay, Paragraph 0008). 

8. As per claim 9, Ramachandran teaches the further step of terminating all server 
sessions listed in the memory system having the login data of the requesting user if the 
portion of the IP address from the obtained message does not match the like portion of 
the reference IP address (Hay, Paragraph 0012, log error if IP is not authorized). 

9. As per claim 1 1 , Ramachandran teaches a [[means]] a component for processing 
logical security information received from a client device during a server session in 



Application/Control Number: 10/667,852 Page 6 

Art Unit: 2439 

order to authenticate a logged in user (Ramachandran, Paragraph 0009, login a user 
session with password) but fails to teach [[means]] a component for processing Internet 
protocol (IP) address information of the client device in order to authenticate the client 
device during the server session by comparing the IP address of a received message 
against the list of IP addresses stored by the server; and [[means]] a component for 
storing, at the Internet server, a list of each logged in user and a respective reference IP 
address collected during a login procedure, wherein the component for processing 
logical security information is configured to access the list to authenticate the logged in 
user, and wherein the component for processing IP address information is configured to 
separately access the list to authenticate the client device, wherein the component for 
processing IP address information includes a proxy server module for comparing only a 
portion of an IP address obtained from a received message against only a like portion of 
the reference IP address for the logged in user. However, in an analogous art Hay 
teaches [[means]] a component for processing Internet protocol (IP) address information 
of the client device in order to authenticate the client device during the server session 
by comparing the IP address of a received message against the list of IP addresses 
stored by the server (Hay, Paragraph 0012, List of authorized IP Addresses) and 
[[means]] a component for storing, at the Internet server, a list of each logged in user 
and a respective reference IP address collected during a login procedure, wherein the 
component for processing logical security information is configured to access the list to 
authenticate the logged in user (Hay, Paragraph 0012, List of authorized IP Addresses), 
and wherein the component for processing IP address information is configured to 
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separately access the list to authenticate the client device, wherein the component for 
processing IP address information includes a proxy server module for comparing only a 
portion of an IP address obtained from a received message against only a like portion of 
the reference IP address for the logged in user (Hay, Paragraph 0012, comparing to see 
if the IP address is an authorized IP address, portion is interpreted to be the entire 
address). 

At the time the invention was made, it would have been obvious to a person of 
ordinary skill in the art to use Hay's method for dynamic server provisioning with 
Ramachandran's one protocol wed access to usage data in a data structure of a usage 
based licensing server because it offers the advantage of ensuring that a user cannot 
maliciously alter data/server (Hay, Paragraph 0008). 

10. As per claim 14, Ramachandran as modified teaches the [[means]] component 
for processing IP address information terminates the session for the user if the portion 
of the IP address obtained from the received message does not match the like portion 
of the reference IP address for the logged in user stored in the list (Hay, Paragraph 
0012, log error if IP is not authorized). 

11. As per claim 1 7, Ramachandran as modified teaches the portion of the IP 
address includes the first characters of the IP address (Hay, Paragraph 0012, 
comparing to see if the IP address is an authorized IP address, portion is interpreted to 
be the entire address). 

12. As per claim 18, Ramachandran as modified teaches the portion of the IP 
address includes the first characters of the IP address (Hay, Paragraph 0012, 
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comparing to see if the IP address is an authorized IP address, portion is interpreted to 
be the entire address). 

13. As per claim 19, Ramachandran as modified teaches, wherein the portion of the 
IP address includes the first characters of the IP address (Hay, Paragraph 0012, 
comparing to see if the IP address is an authorized IP address, portion is interpreted to 
be the entire address). 

14. As per claim 20, Ramachandran as modified teaches the IP address information 
is received from a proxy server capable of sending a plurality of IP addresses assigned 
to a plurality of client devices, and wherein the IP address includes a portion which is 
constant for each of the plurality of IP addresses (Hay, Paragraph 0012, IP Address to 
authenticate a user). 

15. As per claim 21 , Ramachandran as modified teaches the IP address information 
is received from a proxy server capable of sending a plurality of IP addresses assigned 
to a plurality of client devices, and wherein the IP address includes a portion which is 
constant for each of the plurality of IP addresses (Hay, Paragraph 0012, IP Address to 
authenticate a user). 

16. As per claim 22, Ramachandran as modified teaches the IP address information 
is received from a proxy server capable of sending a plurality of IP addresses assigned 
to a plurality of client devices, and wherein the IP address includes a portion which is 
constant for each of the plurality of IP addresses (Hay, Paragraph 0012, IP Address to 
authenticate a user). 
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17. Claim 5 and 15 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Ramachandran et al. U.S. PG-Publication No. (2003/0084343) in view of Hay U.S. PG- 
Publication No. (2002/0120868) and in further view of Muratov et al. U.S PG-Publication 
No. (2003/0097596). 

18. As per claims 5 and 15, Ramachandran as modified teaches comparing IP 
addresses thru comparing authentication information transmitted and checking to see if 
the information including IP addresses match (Hay, Paragraph 0012, comparing to see 
if the IP address is an authorized IP address, portion is interpreted to be the entire 
address), but fails to teach deleting all instances of the logged in user. However, in an 
analogous art Muratov teaches deleting all instances of the logged in user (Muratov, 
Paragraph 0015). 

At the time the invention was made, it would have been obvious to a person of 
ordinary skill in the art to use Muratov's system for protecting data with 
Ramachandran's one protocol wed access to usage data in a data structure of a usage 
based licensing server because it offers the advantage of protecting data from 
unauthorized access (Muratov, Paragraph 0017). 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Roderick Tolentino whose telephone number is (571) 
272-2661 . The examiner can normally be reached on Monday - Friday 9am to 5pm. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Edan Orgad can be reached on (571 ) 272-381 1 . The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

Roderick Tolentino 

Examiner 

Art Unit 2439 

Roderick Tolentino 
/R. TV 

Examiner, Art Unit 2439 



/Edan Orgad/ 

Supervisory Patent Examiner, Art Unit 2439 



